(OT) Google: "Somebody knows your password"
Volker Wysk
post at volker-wysk.de
Sun Aug 6 17:52:26 UTC 2017
Hello to everyone in this thread.
I've come to the conclusion that this suspicious mail, which I have received
from (supposedly) google, isn't phishing. It is for real.
The question which occured several times in this forum is: Is this a HTML
mail? The answer: It's both: a html mail as well as a plain text mail.
Inspecting it (saved as a .mbox file) reveals that the header contains
"Content-Type: multipart/alternative". The mail contains two versions with
(supposedly) the same information in it: one of type "text/plain" and one
"text/html".
KMail seems to simply display the plain text version, when confronted with
this situation.
The plain text block in the mail is encoded in base64, meaning you can't read
it without decoding it. This might be due to the charset utf-8 being used,
with data not fitting in 7 bits.
In any case, KMail displays the plain text version of the mail. So HTML can't
be used to make links look like something different from what they are.
The two links in the mail, regardless of being clicked, or being typed in the
address bar of the browser, lead to google. I assume that no "DNS poisoning"
is in place.
Google's device activity page (https://myaccount.google.com/device-activity)
reveals that someone has tried to log in to my account, using an unknown
device, from a place far from where I'm living, at a point of time I have been
asleep. The device and the place have lead google to reject the log in, and
sending me a security warning instead.
https://support.google.com/accounts/answer/6063333?hl=de
Now I'm a little jumpy because someone could steal my password...
Regards.
Volker
More information about the ubuntu-users
mailing list